I wanted to learn what would be the best way(s) to detect an Evil Twin attack on a private network. I see a lot of literature about detecting the attack in a public setting, which seems to make the solutions more complicated. I wonder if it is easier to detect the attack if let's say, my neighbour sets up an Evil Access Point which I unfortunately join and now have all my traffic being redirected to the neighbour's AP. Can capturing and analysing Wireshark traffic help in this situation in any way? One idea was to verify the MAC address of the router but it looks like that can be spoofed by the Evil Twin as well.
P.S.- Someone mentioned in one of the answers here that for the private network, we could just try to login to router configurations to check but that could also be a possible phishing attack to steal the router password as well, so I'm looking for alternate suggestions.
